<?php
namespace app\controllers\api\account;

use fate\http\Request;
use app\models\User;
use app\libs\LibUser;

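/**
 * API endpoint that changes the password of the currently logged-in user.
 *
 * Request parameters read: `password` (new password), `confirming`
 * (repeat of the new password) and `old` (current password).
 *
 * NOTE(review): the parent class name suggests it enforces an authenticated
 * session before run() is reached; confirm against ForceLoginPure.
 */
class EditpwdloginController extends \app\controllers\ForceLoginPure {
    /**
     * Validate the request, verify the current password and store the new one.
     *
     * Responses are sent through ajaxReturn():
     *  - code 300002 when the new password is missing, is not a string, or
     *    differs from the confirmation;
     *  - code 200002 when no user row is found or the current password does
     *    not match the stored digest;
     *  - no code once the new digest has been written.
     *
     * NOTE(review): stored passwords are unsalted MD5 digests. MD5 is fast and
     * unsalted, so a leaked user table can be attacked offline and by lookup
     * table. Moving to password_hash()/password_verify() has to be done
     * together with every other reader and writer of this column (login,
     * registration, reset); the format is left unchanged here so those keep
     * working.
     *
     * NOTE(review): nothing here invalidates other sessions of the user or
     * rate-limits wrong `old` guesses; confirm whether that is handled elsewhere.
     */
    public function run() {
        $req = Request::getInstance();

        $password = $req->getParameter('password');
        $confirming = $req->getParameter('confirming');
        $old = $req->getParameter('old');

        // Request parameters may arrive as arrays (e.g. `password[]=x`); md5()
        // only accepts strings, so anything else is rejected up front.
        if(!is_string($password) || !$password) {
            $this->ajaxReturn(null, 300002);
            exit;
        }
        if($password !== $confirming) {
            $this->ajaxReturn(null, 300002);
            exit;
        }

        $uid = LibUser::getLoginUid();
        $user = new User();
        $data = $user->getOne('password', $uid);

        $stored = is_array($data) ? ($data['password'] ?? null) : null;

        // hash_equals() compares in constant time, so the response time does not
        // depend on how many leading characters of the digest matched.
        if(!is_string($old) || !is_string($stored) || !hash_equals($stored, md5($old))) {
            $this->ajaxReturn(null, 200002);
            exit;
        }

        // Same digest format as the one verified above (see NOTE(review) on MD5).
        $user->update($uid, ['password' => md5($password)]);

        $this->ajaxReturn(null);
    }
}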
